
Smart lock?

Apple, Android, Google, and now Microsoft have a feature called "auto|smart|dynamic|proximity lock" which lets you unlock your computer by simply carrying a (Bluetooth) support device with you. That means if you move "too far" away from your computer, it will automatically lock your screen; conversely, if you move with your device toward the computer, it will automatically unlock.


Security

I am interested in researching the security aspect of these methods, e.g. what are the specifications and how are they actually implemented. However, I am surprised (well, in the case of Apple not so much) that details of their smart locks are not widely available, not to say not publicly available at all.

In the case of Apple, I was already able to find some specifications saying that the protocol uses both Bluetooth LE and WiFi. But do they prevent re(p)lay attacks? Can malware installed on the smartphone give an attacker the power to unlock the computer?


So?

My question is: Where do I start? Do you know any sources that give me pieces of information about how the locks work? I think it would not be feasible to sniff the sent traffic (which would be extremely annoying in the case of Bluetooth frequency hopping), so how else could I get information about what is sent over the channel?

Cheers

schroeder
Nils Q.
  • proximity keys have been around for a long time – schroeder Jun 08 '17 at 09:10
  • I'm doing some quick Googling and finding Windows specification docs ... – schroeder Jun 08 '17 at 09:15
  • I know that there are things like BLE beacons that enable the smartphone to detect whether you are near a specific place or not. But that is a passive process. My guess (better: hope) is that the locking mechanism for computers uses an *active* protocol. – Nils Q. Jun 08 '17 at 09:38
  • I want to know how the locking system(s) work, i.e. the cryptographic primitives used and what happens in the *security* (not BT) protocol – Nils Q. Jun 08 '17 at 11:06
  • then the docs from the OS makers themselves have all that - have you looked at them? – schroeder Jun 08 '17 at 11:38
  • Well, I tried to find docs about Apple's method. But most search results are about how to set up this kind of locking method - and just vague speculations about how it *might* work. With Microsoft, there is a similar problem. Google has another problem, that is, they named some kind of single sign-on method "smart lock". But I guess at least there I have to optimize my search. I think there has not been much interest in analyzing these login methods, therefore only very few articles exist about them – Nils Q. Jun 08 '17 at 12:07
  • MS publishes the entire spec for Windows – schroeder Jun 08 '17 at 12:08

0 Answers